Friday, June 8, 2007

Pooh and the Art of War

PoohWinnie the Pooh is a big fan of honey. In fact, he loves it so much that he will often get his paws and even his face stuck in the honey pot! In the computer world, a Honey Pot is a computer (or network of computers) designed to detect and monitor hackers. The idea is that the hacker will be lured in and trapped by the honey pot.

Honey Pot System
Honey Pots are decoy machines. They can be inside or outside a firewall; they can be single computers or linked into networks, called Honey Pot Farms. Once a hacker logs into the Honey Pot, they are under constant surveillance by the security staff. All of the hacker's keystrokes are logged and it becomes possible to recreate their attempts to invade the system and cover their tracks. Effectively, the security staff has created a research lab into the hacker's world. Honey Pots are also useful at tracking Spammers because all incoming mail is illicit as the decoy has no reason to send or receive anything. It is extremely important that the Honey Pot is well isolated, otherwise the hacker may be able to break through the decoy into the actual network.

Evil Monkey

Microsoft has developed a system where computers loaded with monitoring software explore high risk areas of the Internet, called the Exploit-Net. These Honey Monkies, short for Strider HoneyMonkey Exploit Detection System, search for sites that install malware on visiting computers. A snapshot of the Honey Monkey's registry and memory is taken before and after visiting a website. Any changes can determine whether or not malicious programs are being installed. Honey Monkeys can also patrol high traffic sites, like Google or Yahoo!, to make sure that spyware hasn't infected them as well.